surveillance | Breaking Cybersecurity News | The Hacker News

The North Korea-aligned state-sponsored hacking group known as ScarCruft has compromised a video game platform in a supply chain espionage attack, trojanizing its components with a backdoor called BirdCall to likely target ethnic Koreans residing in China. While prior versions of the backdoor have primarily targeted Windows users only, the supply chain attack is assessed to have enabled the threat actors to also target Android devices, essentially turning it into a multi-platform threat. According to ESET, the campaign has singled out sqgame[.]net, a gaming platform used by ethnic Koreans living in the Yanbian region in China bordering North Korea and Russia. It's also known to act as a primary, high-risk transit point for North Korean defectors crossing the Tumen River. Filip Jurčacko, senior malware researcher at ESET, told The Hacker News that the campaign was discovered in October 2025, adding the trojanized Android games are still available for download on the sqgame[.]ne...

A nascent Android remote access trojan called Mirax has been observed actively targeting Spanish-speaking countries, with campaigns reaching more than 220,000 accounts on Facebook, Instagram, Messenger, and Threads through advertisements on Meta. "Mirax integrates advanced Remote Access Trojan (RAT) capabilities, allowing threat actors to fully interact with compromised devices in real time," Italian online fraud prevention firm Cleafy said . "Beyond traditional RAT behavior, Mirax enhances its operational value by turning infected devices into residential proxy nodes . Leveraging SOCKS5 protocol support and Yamux multiplexing, it establishes persistent proxy channels that allow attackers to route their traffic through the victim's real IP address." Details of Mirax first emerged last month when Outpost24's KrakenLabs revealed that a threat actor going by the name "Mirax Bot" has been advertising a private malware-as-a-service (MaaS) offerin...

Hungarian domestic intelligence, the national police in El Salvador, and several U.S. law enforcement and police departments have been attributed to the use of an advertising-based global geolocation surveillance system called  Webloc . The tool was developed by Israeli company Cobwebs Technologies and is now sold by its successor Penlink after the two firms merged in July 2023 , according to a report published by the Citizen Lab. Penlink, founded in 1986, is a provider of "mission-critical communications and digital evidence collection and analysis software" to law enforcement agencies in the U.S. and across the world. U.S. customers of the Webloc include Immigration and Customs Enforcement (ICE), the U.S. military, Texas Department of Public Safety, DHS West Virginia, NYC district attorneys, and various police departments in Los Angeles, Dallas, Baltimore, Tucson, Durham, and in smaller cities and counties like the City of Elk Grov...

An apparent hack-for-hire campaign likely orchestrated by a threat actor with suspected ties to the Indian government targeted journalists, activists, and government officials across the Middle East and North Africa (MENA), according to findings from Access Now , Lookout , and SMEX . Two of the targets included prominent Egyptian journalists and government critics, Mostafa Al-A'sar and Ahmed Eltantawy, who were at the receiving end of a series of spear-phishing attacks that sought to compromise their Apple and Google accounts in October 2023 and January 2024 by directing them to fake pages that tricked them into entering their credentials and two-factor authentication (2FA) codes. "The attacks were carried out from 2023 to 2024, and both targets are prominent critics of the Egyptian government who have previously faced political imprisonment; one of them was previously targeted with spyware ," Access Now's Digital Security Helpline said. Also...

Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked into installing a bogus version of its iOS app that was infected with spyware. According to reports from Italian newspaper La Repubblica and news agency ANSA , the vast majority of the targets are located in Italy. It's assessed that the threat actors behind the activity used social engineering tactics to get users to install malicious software that mimicked WhatsApp. All the affected users have been logged out and have been recommended to uninstall the malware-laced apps and download the official WhatsApp app. WhatsApp did not reveal who was targeted in these attacks. The tech giant said it's also taking action against Asigint, an Italian subsidiary of spyware company SIO, for allegedly creating a counterfeit version of WhatsApp.  On its website, the company advertises solutions to law enforcement agencies, government organizations, and police and intelligenc...